I just started playing around with init scripts. So if I do something boneheaded in this tip, I'd like to know. With that in mind, here's how I got my iptables ruleset to load before bringing up my external interface.

In my box I have eth0 connected to my cablemodem (uses dhcp) and eth1 connected to my internal network (which is NAT'd).

I had to make the /var/lib/iptables directory because it didn't exist, and /etc/conf.d/iptables automatically looks there. Alternatively, you could just change where the /etc/conf.d/iptables file looks for saved rulesets.

Next, in /etc/init.d/net.eth0, change the depend section so that

Code:

depend() {
use pcmcia
}

looks like

Code:

depend() {
need iptables
use pcmcia
}

After a reboot eth0 came up after iptables, but eth1 was still coming up before both of them!
I tried many things with net.eth1 to make it come up *after* eth0 but nothing worked ("need net.eth0", "need iptables", "after net.eth0" etc). Now maybe I'm anal-retentive (note the use of the hyphen), but I wanted eth1 to come up after eth0. Here's how I fixed it.
In /etc/init.d/iptables it has this depend section

Code:

depend() {
need net logger
}

Aha! So it was starting net.eth1 because it needed net! It doesn't really, so just remove net from there and it works.

I also added my echo "1" > /proc/sys/net/ipv4/ip_forward command to the iptables runscript, just so I didn't have to use it in /etc/conf.d/local.start.
I felt this was more Gentoo-ish than the rc.local firewall method I was using.
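As an added illustration (not part of the post, and not the real baselayout resolver), here is a small Python model of the ordering problem above: it parses depend() blocks from constructed init-script texts, derives a start order, and flags any interface that would come up before the firewall ruleset is loaded. The assumption that the virtual service `net` is provided by every net.* script that does not itself need the requester is a simplification made for this model.

```python
import re

# Constructed init scripts modelled on the post (not the poster's real files).
BEFORE = {
    "net.eth0": "depend() {\n need iptables\n use pcmcia\n}",
    "net.eth1": "depend() {\n use pcmcia\n}",
    "iptables": "depend() {\n need net logger\n}",
    "logger": "depend() {\n}",
    "pcmcia": "depend() {\n}",
}
# Same set after the fix described in the post: 'net' removed from iptables,
# and net.eth1 (constructed) made to need net.eth0.
AFTER = {**BEFORE,
         "net.eth1": "depend() {\n need net.eth0\n}",
         "iptables": "depend() {\n need logger\n}"}
DEPEND_RE = re.compile(r"depend\s*\(\)\s*\{(.*?)\}", re.S)

def parse_depend(text):
    """Map the need/use/after keywords of a depend() block to the services listed."""
    deps = {"need": [], "use": [], "after": []}
    m = DEPEND_RE.search(text)
    for line in (m.group(1).splitlines() if m else []):
        words = line.split()
        if words and words[0] in deps:
            deps[words[0]].extend(words[1:])
    return deps

def start_order(scripts):
    """Topological start order. Assumption: virtual 'net' is provided by every
    net.* script that does not itself (transitively) need the requester."""
    deps = {n: parse_depend(t) for n, t in scripts.items()}
    hard = {n: {x for x in d["need"] if x in scripts} for n, d in deps.items()}

    def needs(a, b, seen=()):  # does a transitively need b?
        return b in hard[a] or any(needs(x, b, seen + (a,)) for x in hard[a] - set(seen))

    before = {n: set() for n in scripts}  # services that must start before n
    for n, d in deps.items():
        for target in d["need"] + d["use"] + d["after"]:
            if target == "net":
                before[n] |= {p for p in scripts if p.startswith("net.") and not needs(p, n)}
            elif target in scripts:
                before[n].add(target)
    order = []
    while len(order) < len(scripts):
        ready = sorted(n for n in scripts if n not in order and before[n] <= set(order))
        if not ready:
            raise ValueError("dependency cycle among " + ", ".join(set(scripts) - set(order)))
        order.extend(ready)
    return order

def interfaces_before_firewall(order, firewall="iptables"):
    """Interfaces that come up before the firewall ruleset is loaded (the exposure window)."""
    return [s for s in order[:order.index(firewall)] if s.startswith("net.")]
```

With BEFORE the check reports net.eth1 starting ahead of iptables; with AFTER it reports nothing.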